Vulnerability Description
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Beaker | <= 1.6.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/50226Vendor Advisory
- http://secunia.com/advisories/50520Vendor Advisory
- http://www.debian.org/security/2012/dsa-2541
- http://www.openwall.com/lists/oss-security/2012/08/13/10
- https://bugzilla.redhat.com/show_bug.cgi?id=809267
- https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328f
- http://secunia.com/advisories/50226Vendor Advisory
- http://secunia.com/advisories/50520Vendor Advisory
- http://www.debian.org/security/2012/dsa-2541
- http://www.openwall.com/lists/oss-security/2012/08/13/10
- https://bugzilla.redhat.com/show_bug.cgi?id=809267
- https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328f
FAQ
What is CVE-2012-3458?
CVE-2012-3458 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
How severe is CVE-2012-3458?
CVE-2012-3458 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3458?
Check the references section above for vendor advisories and patch information. Affected products include: Python Beaker.